github.com/alibaba/sealer@v0.8.6-0.20220430115802-37a2bdaa8173/docs/design/docker-image-cache.md (about)

# docker image cache

## docker daemon config

/etc/docker/daemon.json

We made some changes to dockerd: there is a new field in daemon.json, "mirror-registries".

With the standard Docker version, `docker pull a.test.com/test/test:v1` goes to a.test.com directly, even if
"registry-mirrors" is configured.

With "mirror-registries", we can send `docker pull a.test.com/test/test:v1` to mirror endpoints. Some
examples follow:
    13  
1. `docker pull reg.test1.com/library/nginx:latest` pulls from `mirror.test1.com` and `mirror.test2.com` first.

```json
{
  "mirror-registries":[
    {
      "domain": "reg.test1.com",
      "mirrors": ["http://mirror.test1.com", "https://mirror.test2.com"]
    }
  ]
}
```
    26  
2. `docker pull` of anything pulls from `http://sea.hub:5000` and `https://mirror.test2.com` first.

```json
{
  "mirror-registries":[
    {
      "domain": "*",
      "mirrors": ["http://sea.hub:5000", "https://mirror.test2.com"]
    }
  ],
  "insecure-registries": ["sea.hub:5000", "mirror.test1.com"]
}
```
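
The check below is an added example, not part of sealer's code: it audits a daemon.json that uses the "mirror-registries" field for mirrors reached without TLS, wildcard domains, and "insecure-registries" entries that no mirror uses. The function name and severity labels are assumptions made for illustration; the sample input is constructed from the second example above.

```python
import json
from urllib.parse import urlsplit

# Constructed sample, modelled on the second daemon.json example above.
SAMPLE_DAEMON_JSON = """
{
  "mirror-registries": [
    {"domain": "*",
     "mirrors": ["http://sea.hub:5000", "https://mirror.test2.com"]}
  ],
  "insecure-registries": ["sea.hub:5000", "mirror.test1.com"]
}
"""

def audit_mirror_config(text):
    """Return (severity, message) findings for a daemon.json string (hypothetical helper)."""
    cfg = json.loads(text)
    findings = []
    mirror_hosts = set()
    for entry in cfg.get("mirror-registries", []):
        domain = entry.get("domain", "")
        mirrors = entry.get("mirrors", [])
        if domain == "*" and mirrors:
            # Every pull, including pulls from private registries, is tried on these hosts first.
            findings.append(("warn", "wildcard domain: all pulls go to " + ", ".join(mirrors) + " first"))
        for url in mirrors:
            parts = urlsplit(url)
            mirror_hosts.add(parts.netloc)
            if parts.scheme != "https":
                findings.append(("high", f"{domain} -> {url}: mirror reached without TLS"))
    for host in cfg.get("insecure-registries", []):
        if host not in mirror_hosts:
            # TLS checks are relaxed for a host that no mirror entry uses.
            findings.append(("warn", f"insecure-registries entry {host} matches no configured mirror"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_mirror_config(SAMPLE_DAEMON_JSON):
        print(f"[{severity}] {message}")
```

An "insecure-registries" entry may also refer to an origin registry rather than a mirror, so the last finding is a prompt to review the entry, not proof of a mistake.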
    40  
### registry config

1. Config with registry auth info:

```yaml
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
proxy:
  remoteregistries:
  # caches images from `docker pull docker.io/library/nginx:latest` or `docker pull nginx`
  - url: https://registry-1.docker.io # Docker Hub default registry
    username:
    password:
  # caches images from `docker pull reg.test1.com/library/nginx:latest`
  - url: https://reg.test1.com
    username: username
    password: password
  - url: http://reg.test2.com
    username: username
    password: password
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
```
    78  
2. Or config without any remote registry info; this info is obtained dynamically.

```yaml
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
proxy:
  # turn on the proxy ability, but with no registry auth info
  on: true
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
```

The registry config should be mounted as /etc/docker/registry/config.yml, and the host directory /var/lib/registry mounted with `-v /var/lib/registry/:/var/lib/registry/` to store the image cache.
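
Because config.yml holds upstream credentials, the check below (an added example, not sealer's code) lists `remoteregistries` entries that set a password but use an `http://` URL, where that password would cross the network unencrypted. The function names and the simple line scanner are illustrative assumptions; the sample is the proxy section of the first config above.

```python
import re

# Constructed sample: the proxy section of the first registry config above.
SAMPLE_CONFIG = """\
proxy:
  remoteregistries:
  - url: https://registry-1.docker.io #dockerhub default registry
    username:
    password:
  - url: https://reg.test1.com
    username: username
    password: password
  - url: http://reg.test2.com
    username: username
    password: password
health:
"""

def remote_registries(text):
    """Line scanner for the flat proxy.remoteregistries list (not a general YAML parser)."""
    items, in_list = [], False
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()      # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line.strip() == "remoteregistries:":
            in_list = True
            continue
        if not in_list:
            continue
        if not line.startswith(" "):            # next top-level key ends the section
            break
        m = re.match(r"\s*(-\s+)?(\w+):\s*(.*)$", line)
        if not m:
            continue
        if m.group(1):                          # "- url:" starts a new item
            items.append({})
        if items:
            items[-1][m.group(2)] = m.group(3)
    return items

def plaintext_credential_urls(text):
    """URLs of remotes that have a password set but are reached over http://."""
    return [r["url"] for r in remote_registries(text)
            if r.get("password") and r.get("url", "").startswith("http://")]

if __name__ == "__main__":
    print(plaintext_credential_urls(SAMPLE_CONFIG))
```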
   106  
### Describe what feature you want

### Additional context

Remote registries could be added dynamically, but I do not store the dynamic remote registry info, because there would probably be many username and password pairs for the same URL, and maybe images from different namespaces have different auth info. Thus, adding remote registries dynamically is costly: every docker pull request will generate a request from the local registry to the real registry to get the real auth endpoint.
And to make the cache registry work, there must be one remote registry item, so I take the following config as the default registry config.yml.

```yaml
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
proxy:
  remoteregistries:
  - url: https://registry-1.docker.io
    username:
    password:
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
```
   138  
At runtime, I guess not everyone needs the cache ability, so I recommend turning the cache off and leaving the choice to users.
The following config will turn off the cache ability, and the registry will behave like the community version.

```yaml
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
```

`docker run -v {pathToTheConfigAbove}:/etc/docker/registry/config.yml`
   164  
If you do not want to provide any remote URL and instead rely on requests to configure auth info dynamically, configure the registry as follows:

```yaml
version: 0.1
log:
  fields:
    service: registry
storage:
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
proxy:
  on: true
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
health:
  storagedriver:
    enabled: true
    interval: 10s
    threshold: 3
```